Subject: Grouper Users - Open Discussion List
- From: John Gasper <>
- To: Chris Hyzer <>, grouper-users <>
- Subject: Re: [grouper-users] RE: Priv Hook?
- Date: Mon, 03 Aug 2015 08:04:22 -0700
Yes, I think we can commit to doing testing with this.
PGP/GPG Key: 0xbafee3ef
From: <> on behalf of Chris Hyzer <>
Date: Friday, July 31, 2015 at 3:23 PM
To: John Gasper <>, grouper-users <>
Subject: RE: [grouper-users] RE: Priv Hook?
If you have READ then you automatically have VIEW, so you don’t have to assign both.
Also, I think you might have performance problems with this on large registries… I looked in the code and to add the ability to have a READONLY and VIEWONLY wheel group would not be a lot of changes. I can do some testing, but if you can also test that would be great. Is that something you are interested in?
At the end of the day, we want a read-only “wheel” group… In other words a group whose members can view, but not change all groups and their memberships. The proposed method of implementation is to use a post hook at give “view" and “read" to a newly created group… and prevent “view" and “read" from being removed from a group (except perhaps by someone in the Wheel group).
You should be able to use a membership hook, since privileges are implemented at memberships. The list type is “access”, and you can see which priv it is, and who is removing it, and veto it. If you write up exactly what you are doing I can look into making the grouper “rules” more full featured since these types of things should be easily accomplished with rules.
There specific case I’m working on is this… We are assigning privs (allow specific group to read and view) to new created groups via a hook. That part is great. We don’t want Group Admins to be able to remove that priv.
Yes, can you tell me more info about what you want to do? J
Is there a hook to veto the assignment/deletion of a privilege?
- Re: [grouper-users] RE: Priv Hook?, John Gasper, 08/03/2015
Archive powered by MHonArc 2.6.16.